How to find Exchange recipients that are associated with an NT account (251390)



The information in this article applies to:

  • Microsoft Active Directory Service Interfaces 1.0
  • Microsoft Active Directory Service Interfaces 2.0
  • Microsoft Active Directory Service Interfaces 2.5
  • Microsoft Exchange Server 5.5
  • Microsoft Exchange Server 5.5 SP1
  • Microsoft Exchange Server 5.5 SP2
  • Microsoft Exchange Server 5.5 SP3

This article was previously published under Q251390

SUMMARY

The sample code in this article uses Active Directory Service Interfaces (ADSI) along with a resource kit object from the Platform SDK to find all of the mailboxes linked to a particular Windows Domain account.

A Microsoft Exchange Server recipient may have a primary Windows Domain account associated with it. Since it is most common to associate a Windows Domain account with a mailbox, this article refers to the recipient as such. However, it is worth noting that a Windows Domain account can be linked with a custom recipient as well. In both cases, this link is created by storing the security identifier (SID) of the Windows Domain account in an attribute on the object in the directory.


Find recipients that are associated with an NT account

ADSI has a Lightweight Directory Access Protocol (LDAP) provider that can be used to retrieve information from the Exchange directory. The mailbox attribute which stores the Primary Windows Domain account has an LDAP name of Assoc-NT-Account. The Assoc-NT-Account attribute does not contain the security account's textual name, but rather a binary string representation of the SID. Every object in the Windows NT Security Domain has an SID. Also, most of the objects, such as Windows NT user accounts, have names that can be displayed as MyDomain\MyUserName.

The example below takes the domain and username of a Windows Domain account as inputs. It retrieves the SID for that account from the primary domain controller as an array of bytes. Next, it converts the binary array into the string representation format that the SID is stored in by Exchange. Finally, the example queries Exchange for all Assoc-NT-Account attributes with that value and displays them.

The code below requires that both the ADSI run time and the ADsSecurity.dll file are properly installed on the system. The ADsSID class of the ADsSecurity object is used to retrieve the SID and convert it into the string representation. This process could be done in an application without the use of this object. However, it is included here so that the example can be used in a scripting environment.

'Uncomment these declarations when using Visual Basic; VBScript does not support typed declarations.
'Dim oConn As ADODB.Connection
'Dim oRS As ADODB.Recordset
'Dim oSid As ADSSECURITYLib.ADsSID
'Dim strServerName As String
'Dim strDomain As String
'Dim strUsername As String
'Dim strSid As String
'Dim strQuery As String

Const ADS_SID_HEXSTRING = 1
Const ADS_SID_WINNT_PATH = 5

'To Do: replace with proper names in the environment
strServerName = "MyExchangeServer"
strDomain = "MyDomain"
strUsername = "MyUsername"

Set oSid = CreateObject("ADsSid")  'from ResourceKit
oSid.SetAs ADS_SID_WINNT_PATH, "WinNT://" & strDomain & "/" & strUsername  'Get the user account SID
strSid = oSid.GetAs(ADS_SID_HEXSTRING)  'Convert to binary string

strQuery = "<LDAP://" & strServerName & ">;(&(objectCategory=person)(Assoc-NT-Account=" & strSid & "));adspath,cn,mail;subtree"

Set oConn = CreateObject("ADODB.Connection") 'Create an ADO Connection
oConn.Provider = "ADsDSOOBJECT"              ' ADSI OLE-DB provider
oConn.Open "ADs Provider"
Set oRS = oConn.Execute(strQuery)

If oRS.BOF And oRS.EOF Then
  MsgBox "Unable to retrieve your information"
Else
  While Not oRS.EOF
    MsgBox "Mailbox :  " & oRS.Fields("cn") & vbLf & "Email : " & oRS.Fields("mail")
    oRS.MoveNext
  Wend
End If

'Clean Up
Set oSid = Nothing
oRS.Close
oConn.Close
Set oRS = Nothing
Set oConn = Nothing
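
The article notes that the SID conversion could be done without the ADsSID object. The following Python code is an added example, not part of the original article: it performs that conversion by hand, decodes a stored value back to its S-1-... form for auditing, and validates the value before it is placed in the LDAP filter. It assumes that the ADS_SID_HEXSTRING form is the hexadecimal encoding of the standard binary SID layout and that uppercase digits are acceptable; the function names and SAMPLE_SID are constructed for illustration.

```python
import re
import struct

SID_RE = re.compile(r"^S-1-(\d+)((?:-\d+){1,15})$")
SAMPLE_SID = "S-1-5-21-1-2-3-1000"  # constructed value, not a real account

def sid_to_hex(sid: str) -> str:
    """Encode a textual SID as the hex string of its binary form."""
    m = SID_RE.match(sid)
    if not m:
        raise ValueError(f"not a revision-1 SID: {sid!r}")
    authority = int(m.group(1))
    subs = [int(s) for s in m.group(2).split("-")[1:]]
    if authority >= 1 << 48 or any(s >= 1 << 32 for s in subs):
        raise ValueError("SID component out of range")
    raw = struct.pack(">BB", 1, len(subs))        # revision, sub-authority count
    raw += authority.to_bytes(6, "big")           # 48-bit authority, big-endian
    raw += struct.pack(f"<{len(subs)}I", *subs)   # sub-authorities, little-endian
    return raw.hex().upper()                      # uppercase is an assumption

def hex_to_sid(hex_sid: str) -> str:
    """Decode a stored hex value back to S-1-... form (useful when auditing links)."""
    raw = bytes.fromhex(hex_sid)
    if len(raw) < 8 or raw[0] != 1 or raw[1] > 15 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("malformed binary SID")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack(f"<{raw[1]}I", raw[8:])
    return "-".join(["S-1", str(authority), *map(str, subs)])

def assoc_nt_account_filter(hex_sid: str) -> str:
    """Build the article's LDAP filter, refusing anything that is not a hex-encoded SID."""
    # Only hex digits may reach the filter, so characters such as * ( ) cannot alter it.
    if not re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", hex_sid):
        raise ValueError("SID value must be plain hex")
    hex_to_sid(hex_sid)  # also reject hex that is not a well-formed SID
    return f"(&(objectCategory=person)(Assoc-NT-Account={hex_sid}))"

if __name__ == "__main__":
    encoded = sid_to_hex(SAMPLE_SID)
    print(encoded)
    print(hex_to_sid(encoded))
    print(assoc_nt_account_filter(encoded))
```
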

REFERENCES

For more information about operating system-specific ADSI run-time downloads, visit the following Microsoft Web site:

For more information about the ADSI ADO provider, click the following article number to view the article in the Microsoft Knowledge Base:

187529 How to use ADO to access objects through an ADSI LDAP provider

The ADsSecurity.dll file is part of Active Directory Service Interfaces (ADSI) software development kit (SDK) 2.5.

To download ADSI SDK 2.5, visit the following Microsoft Web site:

Modification Type: Major
Last Reviewed: 2/8/2006
Keywords: kbHOWTOmaster kbMsg KB251390 kbAudDeveloper